IN THE CLAIMS : 



Please AMEND claims 1, 10, 14, 18, 22-23, and 25 as follows. 

1 . (Currently Amended) A system, comprising: 
an application device; 
a service device; 

a communication network configured to connect said application device to said 
service device; 

an internet protocol security service unit configured to provide one or more 
internet protocol security services comprising at least one of authentication services 
and encryption services, said internet protocol security service unit deployed in said 
service device; 

at least one management client configured to issue , in response to communication 
received at said application device from a user equipment via a session key management 
protocol, security association management requests to create and manage, with a -said 
session key management protocol, security associations for use by said provided internet 
protocol security services, said at least one management client deployed in said 
application device; and 

a management server configured to receive said security association management 
requests issued from said at least one management client and to respond, in connection 
with said internet protocol security service unit, to said security association management 
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requests received at said management server, said management server deployed in said 
service device. 

2. (Previously Presented) The system according to claim 1, wherein said 
application device further comprises an interface configured to provide communication 
between said at least one management client associated with said application device and 
said management server. 

3. (Previously Presented) The system according to claim 1, wherein said 
security association management requests comprise at least one of adding requests 
configured to add security associations, deleting requests configured to delete security 
associations, and querying requests configured to query about security associations. 

4. (Previously Presented) The system according to claim 2, wherein said 
interface is further configured to use sockets for communication with said management 
server. 

5. (Previously Presented) The system according to claim 2, wherein said 
interface comprises data structures used in communication between said management 
client and said management server. 
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6. (Previously Presented) The system according to claim 2, wherein said 
interface is implemented as a software library linked dynamically or statistically into a 
corresponding management client. 

7. (Previously Presented) The system according to claim 1, wherein said 
internet protocol security service unit and said management server are configured to use a 
local communication channel for communications between said internet protocol security 
service unit and said management server. 

8. (Previously Presented) The system according to claim 1, wherein at least 
one application device comprises two or more management clients, and wherein at least 
two of said management clients are configured to use different session key management 
protocols. 

9. (Cancelled) 

1 0. (Currently Amended) A method, comprising: 

providing one or more internet protocol security services comprising at least one 
of authentication services and encryption services from an internet protocol security 
service unit, said internet protocol security service unit being deployed in a service 
device; 
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issuin g, in response to communication received at an application device from a 
user equipment via a session key management protocol, security association management 
requests to create and manage, with a -said session key management protocol, security 
associations for use by said provided internet protocol security services, from at least one 
management client, said at least one management client being deployed in an -said 
application device; 

receiving in a management server said security association management requests 
issued from said at least one management client; and 

responding, in connection with said internet protocol security service unit, to said 
security association management requests received at said management server, said 
management server being deployed in said service device, 

wherein said application device is connected to said service device by a 
communication network. 

11. (Previously Presented) The method according to claim 10, wherein said 
issuing comprises communicating at least one of said security association management 
requests issued from said application device and corresponding responses via an interface 
associated with said application device. 

12. (Previously Presented) The method according to claim 10, wherein said 
issuing comprises issuing said security association management requests comprising at 
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least one of adding requests for adding security associations, deleting requests for 
deleting security, and querying requests for querying about security associations. 

13. (Cancelled) 

14. (Currently Amended) An apparatus, comprising: 

at least one management client configured to issue , in response to communication 
received at said appar atus from a user equipment via a session key management protocol. 
security association management requests to create and manage, with a -said session key 
management protocol, security associations for use by one or more internet protocol 
security services comprising at least one of authentication services and encryption 
services provided by an internet protocol security service unit external to said apparatus; 
and 

an interface configured to communicate said issued security association 
management requests to a management server external to said apparatus, said 
management server configured to respond to said security association management 
requests in connection with said internet protocol security service unit. 

15. (Previously Presented) The apparatus according to claim 14, wherein said 
security association management requests comprise at least one of adding requests 
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configured to add security associations, deleting requests configured to delete security 
associations, and querying requests configured to query about security associations. 

16. (Previously Presented) An apparatus, comprising: 

an internet protocol security service unit configured to provide one or more 
internet protocol security services comprising at least one of authentication services and 
encryption services; and 

a management server configured to receive security association management 
requests issued from at least one management client external to said apparatus and to 
respond, in connection with said internet protocol security service unit, to said received 
security association management requests. 

17. (Previously Presented) The apparatus according to claim 16, wherein said 
internet protocol security service unit is configured to use a local communication channel 
for communications between said internet protocol security service unit and said 
management server. 

18. (Currently Amended) A method, comprising: 

issuin g, in response to communication received at an application device from a 
user equip ment via a session kev management protocol , from at least one management 
client deployed in an -said application device, security association management requests 
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to create and manage, with a -said session key management protocol, security associations 
for use by one or more internet protocol security services comprising at least one of 
authentication services and encryption services provided by an internet protocol security 
service unit external to said application device; and 

communicating at least one of said issued security association management 
requests to a management server external to said application device, wherein said 
management server is configured to respond to said security association management 
requests in connection with said internet protocol security service unit. 

19. (Previously Presented) The method according to claim 18, wherein said 
communicating comprises communicating at least one of said security association 
management requests issued from said application device and corresponding responses via 
an interface associated with said application device. 

20. (Previously Presented) The method according to claim 18, wherein said 
issuing comprises issuing said security association management requests comprising at 
least one of adding requests for adding security associations, deleting requests for 
deleting security, and querying requests for querying about security associations. 

2 1 . (Previously Presented) A method, comprising: 
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providing one or more internet protocol security services comprising at least one 
of authentication services and encryption services from an internet protocol security 
service unit, wherein said internet protocol security service unit is deployed in a service 
device; and 

receiving security association management requests issued from at least one 
management client external to said service device and responding, in connection with 
said providing the one or more internet protocol security services, to said received 
security association management requests. 

22. (Currently Amended) A computer readable storage medium encoded with 
instructions that, when executed by a computer, perform a process, the process 
comprising: 

providing one or more internet protocol security services comprising at least one 
of authentication services and encryption services from an internet protocol security 
service unit, said internet protocol security service unit being deployed in a service 
device; 

issuin g, in response to communication received at an application device from a 
user equip ment via a session key management protocol, security association management 
requests to create and manage, with a -said session key management protocol, security 
associations for use by said provided internet protocol security services, from at least one 
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management client, said at least one management client being deployed in an -said 
application device; 

receiving in a management server said security association management requests 
issued from said at least one management client; and 

responding, in connection with said internet protocol security service unit, to said 
security association management requests received at said management server, said 
management server being deployed in said service device, 

wherein said application device is connected to said service device by a 
communication network. 

23. (Currently Amended) A computer readable storage medium encoded with 
instructions that, when executed by a computer, perform a process, the process 
comprising: 

issuin g, in response to communication received at an application device from a 
user equipment via a session key management protocol , from at least one management 
client deployed in an -said application device, security association management requests 
to create and manage, with a -said session key management protocol, security associations 
for use by one or more internet protocol security services comprising at least one of 
authentication services and encryption services provided by an internet protocol security 
service unit external to said application device; and 
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communicating at least one of said issued security association management 
requests to a management server external to said application device, said management 
server configured to respond to said security association management requests in 
connection with said internet protocol security service unit. 

24. (Previously Presented) A computer readable storage medium encoded with 
instructions that, when executed by a computer, perform a process, the process 
comprising: 

providing one or more internet protocol security services comprising at least one 
of authentication services and encryption services from an internet protocol security 
service unit, said internet protocol security service unit being deployed in a service 
device; and 

receiving security association management requests issued from at least one 
management client external to said service device and responding, in connection with 
said providing the one or more internet protocol security services, to said received 
security association management requests. 

25. (Currently Amended) An apparatus, comprising: 

managing means for issuin g, in response to communication received at said 
apparatus from a user equipment via a session key management protocol, security 
association management requests to create and manage, with a — said session key 
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management protocol, security associations for use by one or more internet protocol 
security services comprising at least one of authentication services and encryption 
services provided by an internet protocol security service means external to said 
apparatus; and 

communicating means for communicating said issued security association 
management requests to a management server external to said apparatus, said 
management server configured to respond to said security association management 
requests in connection with said internet protocol security service means. 

26. (Previously Presented) An apparatus, comprising: 

internet protocol security service means for providing one or more internet 
protocol security services comprising at least one of authentication services and 
encryption services; and 

receiving means for receiving security association management requests issued 
from at least one management client external to said apparatus and for responding, in 
connection with said internet protocol security service means, to said received security 
association management requests. 
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